Altair Healthcare Limited, as a data processor and controller, is responsible overall for demonstrating compliance with data protection legislation and meeting the accountability and transparency obligations within the legislation. All staff have a responsibility to ensure they process personal data in accordance with the data protection principles and other requirements of data protection legislation. Processing means any operation which is performed on personal data or sets of personal data, by automated or manual means such as collecting, recording, organising, storing, adapting, altering, consulting, using, disclosing, combining, restricting, erasing or destroying.
Altair shall be responsible for and be able to demonstrate compliance with data protection legislation. We follow the principles of the GDPR in handling personal data, for example, we will:
- process your data fairly and lawfully, and in a transparent manner
- only collect the data we need for that specific purpose and no further processing is done when unnecessary
- ensure the data we collect and process is kept to a minimum where appropriate
- do our best to ensure it is accurate and up to date. You can help us by telling us about any change of circumstances
- keep it no longer than necessary
- keep and dispose of it securely
We will only share your personal data with other organisations if it is stated at the point of collection, or if it is necessary to fulfil contractual obligations and duties, or to check accuracy, or to prevent and detect crime. We will not share your personal data with other organisations for commercial purposes.
Types of personal data that we may collect
The personal data we collect may include your name, date of birth, address, National Insurance number or other information that identifies you; billing address, delivery address, email address and telephone number, bank account, payment card details, training and qualification certificates. We will always make it clear what information we are collecting, how we will use it, and why and with whom we will share it.
How we collect and use your personal data
We collect your personal data through our website when you voluntarily enter your information in a form on our website or by contacting a service or officer in person, in writing or over the phone.
We collect your personal data when you have given express consent for your data to be used for a specific purpose, or to enable us to perform our contractual obligations to you, when we employ you, to process and deliver your order, to manage payments, fees and charges and debt recovery.
We will hold your personal information for as long as the employment contract remains in force, or a care package is in place, or we are informed otherwise, either by the data subject themselves (you) or the employee or customer.
Your legal rights
You have the following legal rights in relation to your personal data:
a. Right of access - You have the right to ask us for copies of your personal information.
b. Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
c. Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
d. Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
e. Your right to object to processing - You have the right to object to processing if we are able to process your information because the process is in our legitimate interests.
f. Your right to data portability - This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
Sharing your personal data
We might share your personal data in order to effectively deliver our services, particularly where we have partnered with another service provider to provide a service. We may also share your data with Government agencies and authorities, depending on the service being provided. We will only share your personal data if it is necessary to do so, and the appropriate conditions have been met. Your personal information will not be transferred outside of the UK.
Subject Access Requests
You have the right, under the Data Protection legislation to access any personal information held about you by Altair. You may exercise this right by requesting the information verbally, by phone, or by emailing us at firstname.lastname@example.org. Any formal subject access request must be responded to within 30 calendar days, or within appropriate additional timescale as laid down by data protection legislation.